CVE-2026-34906

216.73.217.22

· Published 02/06/2026 10:16 · Modified 02/06/2026 13:54

Labels: CVE-2026-34906 2026-06-02 CVE-2026-34906 CWE-1336 [email protected]

Essential information

Published: 02/06/2026 10:16
Modified: 02/06/2026 13:54
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE). In the endpoint redirectToUrl and parameter redirectUrlParameter, insufficient input validation permits injection of arbitrary template expressions that are executed on the server. Successful exploitation can allow an attacker to run remote commands, including establishing a reverse shell. This issue affects Wirtualna Uczelnia versions up to wu#2016.437.295#0#20260327_105545

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
wirtualna uczelnia / wirtualna uczelnia	`cpe:2.3:a:wirtualna_uczelnia:wirtualna_uczelnia:wu#2016.437.295#0#20260327_105545:::::::*`